Here is the proposed standard for version 2.0. It breaks some backwards compatibility (by supporting translations, a better PROBLEMTYPE, and so on).
{
"VERSION": "2.0",
"UPDATED": "DATE-TIMESTAMP",
"SERIAL": "INT",
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
},
"DWF": {
"VERSION": "2.0",
"CVE_ID": "CVE-YEAR-NNNNNNN",
"PROBLEMTYPE": {
"CWE": "X",
"OWASP": "X",
"DESCRIPTION": {
"eng": "String description of issue",
"ger": "String Beschreibung des Problems",
"jpn": "問題の説明文字列"
}
},
"CVSSv2": {
"VERSION": "2.0",
"BM": {
"AV": "X",
"AC": "X",
"AU": "X",
"C": "X",
"I": "X",
"A": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"TM": {
"E": "X",
"RL": "X",
"RC": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"EM": {
"CDP": "X",
"TD": "X",
"CR": "X",
"IR": "X",
"AR": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"NOTES": "string"
},
"CVSSv3": {
"VERSION": "2.0",
"BM": {
"AV": "X",
"AC": "X",
"PR": "X",
"UI": "X",
"S": "X",
"C": "X",
"I": "X",
"A": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"TM": {
"E": "X",
"RL": "X",
"RC": "X",
"SCORE": "N.N",
"NOTES": "string"
},
"EM": {
"CR": "X",
"IR": "X",
"AR": "X",
"MAV": "X",
"MAC": "X",
"MPR": "X",
"MUI": "X",
"MS": "X",
"MC": "X",
"MI": "X",
"MA": "X",
"SCORE": "N.N",
"NOTES": "string"
}
},
"AFFECTS": [
{
"VENDOR": "string",
"PRODUCT": "string",
"VERSION": "string",
"CPE": "cpe_string",
"SWID": "swid_string (XML data with line breaks)",
"AFFECTED": [
"1.0",
"2.0.6"
],
"FIXEDIN": [
"1.3",
"2.0.7"
],
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
}
}
],
"DESCRIPTION": {
"eng": "String description of issue",
"ger": "String Beschreibung des Problems",
"jpn": "問題の説明文字列"
},
"SOURCES": [
{
"VERSION": "2.0",
"NAME": "name of source (can be URL)",
"DESCRIPTION": {
"eng": "String description of issue",
"ger": "String Beschreibung des Problems",
"jpn": "問題の説明文字列"
},
"TYPE": "WWW/PDF/TEXT/EMAIL/etc.",
"FILES": [
{
"URL": "URL to source",
"IMPORTTIME": "DATE-TIMESTAMP",
"LOCALNAME": "local filename",
"FORMAT": "string",
"NOTES": "string"
}
]
}
],
"EXPLOITATION": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
},
"WORKAROUND": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
},
"CREDITS": [
{
"VERSION": "2.0",
"ID": {
"type_of_id_string": "string"
},
"ROLE": [
"role_name_string"
],
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
}
}
],
"TIMELINE": [
{
"VERSION": "2.0",
"TIMESTAMP": "DATE-TIMESTAMP",
"SOURCE": {
"type_of_id_string": "string"
},
"TEXT": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
},
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
}
}
],
"NOTES": {
"eng": "Text data here",
"ger": "Textdaten hier",
"jpn": "ここにテキストデータ"
}
},
"COMMUNITY": {
"VERSION": "2.0"
},
"EXPERIMENTAL": {
"VERSION": "2.0"
},
"VENDOR": {
"VERSION": "2.0",
"Example Vendor Name": {
"VERSION": "2.0",
"PROBLEMTYPE": "same as in DWF section",
"CVSSv2": "same as in DWF section",
"CVSSv3": "same as in DWF section",
"AFFECTS": "same as in DWF section",
"DESCRIPTION": "same as in DWF section",
"SOURCES": "same as in DWF section",
"EXPLOITATION": "same as in DWF section",
"WORKAROUND": "same as in DWF section",
"NOTES": "same as in DWF section",
"Example Product Name": {
"VERSION": "2.0",
"PROBLEMTYPE": "same as in DWF section",
"CVSSv2": "same as in DWF section",
"CVSSv3": "same as in DWF section",
"AFFECTS": "same as in DWF section",
"DESCRIPTION": "same as in DWF section",
"SOURCES": "same as in DWF section",
"EXPLOITATION": "same as in DWF section",
"WORKAROUND": "same as in DWF section",
"NOTES": "same as in DWF section"
}
}
}
}
--
-- Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com